avformat/avidec: Fix io_fsize overflow

Fixes: signed integer overflow: 7958120835074169528 * 9 cannot be represented in type 'long long'
Fixes: 23382/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6230683226996736

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2020-06-22 00:09:05 +02:00
parent 8dff6da313
commit cf0c700b0c
1 changed files with 1 additions and 1 deletions

View File

@ -439,7 +439,7 @@ static int calculate_bitrate(AVFormatContext *s)
maxpos = FFMAX(maxpos, st->index_entries[j-1].pos); maxpos = FFMAX(maxpos, st->index_entries[j-1].pos);
lensum += len; lensum += len;
} }
if (maxpos < avi->io_fsize*9/10) // index does not cover the whole file if (maxpos < av_rescale(avi->io_fsize, 9, 10)) // index does not cover the whole file
return 0; return 0;
if (lensum*9/10 > maxpos || lensum < maxpos*9/10) // frame sum and filesize mismatch if (lensum*9/10 > maxpos || lensum < maxpos*9/10) // frame sum and filesize mismatch
return 0; return 0;